BIG changes. Make almost every server service modular, to distribute among multiple servers

Bun 2025-03-18 05:32:05 -04:00
parent 30fc0dc800
commit 7e40fd4fb3
44 changed files with 153 additions and 143 deletions


@ -0,0 +1,10 @@
{ config, lib, ... }:
{
config = lib.mkIf config.services.nginx.enable {
security.acme = {
acceptTerms = true;
defaults.email = "contact@nixfox.ca";
};
environment.persistence."/persist".directories = [ "/var/lib/acme" ];
};
}


@ -0,0 +1,28 @@
{ config, lib, ... }:
{
imports = [
./acme
./rtmp
./user
./virtualhosts
];
options.services.webserver.enable = lib.mkEnableOption "Enable nginx related services";
config = lib.mkIf config.system.server.enable {
services.nginx = {
enable = true;
recommendedTlsSettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
recommendedProxySettings = true;
};
networking.firewall.allowedTCPPorts = [
80
443
];
environment.persistence."/persist".directories = [ "/var/www" ];
};
}
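Review bot: The `config` block is gated on `config.system.server.enable` rather than on the `services.webserver.enable` option declared one line above it, so nginx is enabled and TCP 80/443 are opened on every host that sets the server flag. That works against splitting services across machines and leaves a listening web server on hosts that are not meant to expose one. Gate it with `config = lib.mkIf config.services.webserver.enable {` and set that option only where a web server is wanted; nothing visible here sets it, so the rtmp and virtualhosts modules that test it may currently be inert, while the acme and user modules test `services.nginx.enable` instead. The description would also read better as `lib.mkEnableOption "nginx related services"`, since mkEnableOption already prepends "Whether to enable".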


@ -0,0 +1,38 @@
{ config, lib, pkgs, ... }:
{
config = lib.mkIf config.services.webserver.enable {
services.nginx = {
package = (pkgs.nginx.override {
modules = with pkgs.nginxModules; [ rtmp ];
});
appendConfig = ''
rtmp {
server {
listen 1935;
chunk_size 4096;
allow publish all;
application stream {
record off;
live on;
allow play all;
hls on;
hls_path /var/www/landing-page/streams/hls/;
hls_fragment_naming system;
hls_fragment 3;
hls_playlist_length 40;
}
}
}
'';
};
networking.nftables.tables.rtmp = {
family = "inet";
content = ''
chain input {
ip saddr { 10.0.0.0/8, ${config.secrets.ips.luna}, ${config.secrets.ips.corn} } tcp dport 1935 accept comment "Accept RTMP"
}
'';
};
systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/var/www/landing-page/streams/hls/" ];
};
}
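Review bot: Access control for RTMP rests entirely on the nftables rule, and that rule is unlikely to take effect as written. `chain input` has no `type filter hook input priority …;` line, so it is a regular chain that no packet traverses, and an `accept` in a separate table would not override a drop from the NixOS firewall's own input chain in any case. The nginx side says `allow publish all;` and `allow play all;`, so if port 1935 ever becomes reachable (firewall disabled, or the port added to `allowedTCPPorts`), any client can publish to `stream`. Put the source restriction where it is evaluated, for example in `networking.firewall.extraInputRules` when the nftables-based firewall is in use, and repeat it in the rtmp block with `allow publish 10.0.0.0/8;` followed by `deny publish all;`. `10.0.0.0/8` is also a wide range to trust for publishing; narrowing it to the subnet actually in use would be safer.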


@ -0,0 +1,15 @@
{ config, lib, ... }:
{
users = lib.mkIf config.services.nginx.enable {
users.nginx = {
group = "nginx";
extraGroups = [
"turnserver"
"virtualMail"
];
isSystemUser = true;
uid = 60;
};
groups.nginx = {};
};
}
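Review bot: Adding the `nginx` user to `turnserver` and `virtualMail` in `extraGroups` gives the internet-facing web server process group access to whatever those groups own, which presumably includes coturn and mail data; the reason is not visible in this section. If the goal is sharing ACME certificates, the usual direction is the reverse, giving the consuming service's user access to the certificate's group, so that a compromise of nginx does not reach mail storage. With services now split per host, these groups may also not exist on a machine that only runs nginx, so it is worth guarding the list, e.g. `extraGroups = lib.optional config.services.coturn.enable "turnserver";`. A short comment above `extraGroups` stating why each membership is needed would help the next reviewer.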


@ -0,0 +1,7 @@
{ ... }:
{
imports = [
./files
./nixfox
];
}


@ -0,0 +1,8 @@
{ config, lib, ... }:
{
services.nginx.virtualHosts."jimbosfiles.com" = lib.mkIf config.services.webserver.enable {
enableACME = true;
addSSL = true;
globalRedirect = "www.nixfox.ca";
};
}


@ -0,0 +1,29 @@
{ config, lib, ... }:
{
services.nginx.virtualHosts = lib.mkIf config.services.webserver.enable {
"www.nixfox.ca" = {
enableACME = true;
addSSL = true;
default = true;
root = "/var/www/landing-page";
};
"nixfox.ca" = {
enableACME = true;
addSSL = true;
globalRedirect = "www.nixfox.ca";
locations = {
"/.well-known/matrix/client".extraConfig = ''
default_type application/json;
return 200 '{
"m.homeserver": { "base_url": "https://matrix.nixfox.ca" },
"m.identity_server": { "base_url": "https://matrix.org" }
}';
'';
"/.well-known/matrix/server".extraConfig = ''
default_type application/json;
return 200 '{ "m.server": "matrix.nixfox.ca:443" }';
'';
};
};
};
}
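Review bot: `www.nixfox.ca` is declared with `addSSL = true;`, which keeps serving the site over plain HTTP alongside HTTPS instead of redirecting. Use `forceSSL = true;` there so that port 80 only answers ACME challenges and redirects; the same applies to the `nixfox.ca` vhost here and the `jimbosfiles.com` vhost in the preceding section. Since `default = true;` makes this vhost answer requests for unknown host names as well, consider whether the landing page should be the catch-all. The `/.well-known/matrix/client` body also advertises `https://matrix.org` as the identity server, which sends clients' identity lookups to a third party; drop that key if this is not intended.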